- Global Public Cloud Revenue To Rise In 2019: Gartner
- Sysnet Global Ties Up With Pi DATACENTERS To Boost Its ‘Cloud First’ Strategy
- IoT Devices At Home Are The Latest Target For Cryptojacking: Study
- Only Two-Thirds Of Cloud Service Providers Plan To Have Same Business Model By 2020: IDC
- The Switchover To Services Is Finally Happening In Security
iOS Privacy Easily get the user’s Apple ID password, just by asking
By Nisheeth Bhakuni | October 11th, 2017
iOS asks the user for their iTunes password for many reasons, the most
common ones are recently installed iOS operating system updates, or iOS
apps that are stuck during installation.
As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so. However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases.
This could easily be abused by any app, just by showing an UIAlertController, that looks exactly like the system dialog.
Even users who know a lot about technology have a hard time detecting that those alerts are phishing attacks.
How can you protect yourself
- Hit the home button, and see if the app quits:
- If it closes the app, and with it the dialog, then this was a phishing attack
- If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
- Don’t enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually
- If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.
Nisheeth Bhakuni
